[
https://issues.apache.org/jira/browse/FELIX-3229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger resolved FELIX-3229.
--------------------------------------
Resolution: Fixed
Fixed the permission checks in Rev. 1202621
Also cleaned up the code a bit to properly keep the layering between the
ConfigurationManager and ConfigurationAdminImpl classes.
> ConfigurationAdmin.getConfiguration(String, String) and
> .createConfiguration(String) to generous
> ------------------------------------------------------------------------------------------------
>
> Key: FELIX-3229
> URL: https://issues.apache.org/jira/browse/FELIX-3229
> Project: Felix
> Issue Type: Bug
> Components: Configuration Admin, Specification compliance
> Affects Versions: configadmin-1.2.8
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: configadmin-1.4.0
>
>
> Similar to FELIX-3228, the ConfigurationAdmin.getConfiguration and
> createConfiguration methods with the location parameter do not properly check
> the null location properly.
> R 4.3 Configuration Admin (v1.4) spec states:
> • createFactoryConfiguration(String,String)
> • ConfigurationPermission[location,CONFIGURE] - if location is not null
> • ConfigurationPermission["*",CONFIGURE] - if location is null
> • getConfiguration(String,String)
> • ConfigurationPermission[*,CONFIGURE] - if location is null or if the
> returned configuration c already exists and c.location is null
> • ConfigurationPermission[location,CONFIGURE] - if location is not null
> • ConfigurationPermission[c.location,CONFIGURE] - if the returned
> configuration c already exists and c.location is not null
> Particularly the CP("*", CONFIGURE) case is not properly checked.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
